This issue affects:
\nPhoenix \n\nSecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
\nPhoenix \n\nSecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
\nPhoenix \n\nSecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
\nPhoenix \n\nSecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
\nPhoenix \n\nSecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
\nPhoenix \n\nSecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
\nPhoenix \n\nSecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
\nPhoenix \n\nSecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
\nPhoenix \n\nSecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
"}],"value":"Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore™ for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de","shortName":"Phoenix","dateUpdated":"2025-07-28T20:53:10.827Z"},"references":[{"url":"https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/"},{"url":"https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"},{"url":"https://news.ycombinator.com/item?id=40747852"}],"source":{"discovery":"UNKNOWN"},"title":"Potential buffer overflow when handling UEFI variables","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}],"affected":[{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.0.1.1","status":"affected","lessThan":"4.0.1.998","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.1.0.1","status":"affected","lessThan":"4.1.0.562","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.2.0.1","status":"affected","lessThan":"4.2.0.323","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.2.1.1","status":"affected","lessThan":"4.2.1.287","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.3.0.1","status":"affected","lessThan":"4.3.0.236","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.3.1.1","status":"affected","lessThan":"4.3.1.184","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.4.0.1","status":"affected","lessThan":"4.4.0.269","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.5.0.1","status":"affected","lessThan":"4.5.0.218","versionType":"custom"}]},{"vendor":"phoenix","product":"securecore_technology","cpes":["cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.5.1.1","status":"affected","lessThan":"4.5.1.15","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-05-14T15:18:12.193624Z","id":"CVE-2024-0762","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-20T13:37:52.909Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:18:17.893Z"},"title":"CVE Program Container","references":[{"url":"https://www.phoenix.com/security-notifications/cve-2024-0762/","tags":["x_transferred"]},{"url":"https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/","tags":["x_transferred"]},{"url":"https://news.ycombinator.com/item?id=40747852","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}